SDK : Integrating with SIMS ID
Intended Audience
The SDK information is aimed at development teams from 3rd party integrators, content providers and internal development teams.
Document Purpose
This document provides information on the capabilities of the SIMS ID product from the perspective of how it may be utilised by other development and project teams. It details how they may benefit from a consolidated user authentication service that is common to end users across a range of ESS products. It also provides details on how development teams may use this service to accelerate their adoption of Identity Management services.
Why use Identity Management from SIMS ID?
Available to all SIMS customers with no annual charge, SIMS ID is at the heart of SIMS identity and authentication approach for SIMS and SIMS Partner products, providing a single identity per user that spans all products making access simple for the user. SIMS ID allows schools to automatically provision users to Google and Microsoft Office 365 from their SIMS Data
Identity Management – the ESS Approach
ESS believes that Identity Management (IdM) is fundamental to security when providing access to multiple disparate applications, and is central to the user experience being simple and positive.
At the heart of ESS’s approach to Identity Management is SIMS ID. SIMS ID is ESS’s flagship product for Identity Lifecycle Management, Authentication and Single Sign-On. Sitting as a key component in ESS’s ‘Next Generation’ education products, SIMS ID is also available direct to SIMS 7 customers.
Security is at the heart of SIMS ID automatically extracting data from SIMS. Without the need to run reports or extracts, SIMS ID lets your data empower your staff and pupils to access a range of services. Based on the latest identity management technologies, SIMS ID creates a single identity for each user that is provisioned into the Identity Management solution. This data is then used to provision: * ESS Online Services * selected cloud services such as MS Office 365 and/or Google Apps. * Integrated Partner Applications Furthermore, the data is made available, under the schools' control, to agreed partners via two Web Based APIs: * A restful provisioning API *An IMS Global One Roster API
Passwords are often the weak link in any system security. SIMS ID aids in keeping school data secure by and reducing administration by allowing partners to utilise Single Sign-On from SIMS ID.
The SIMS ID provisioning route
Figure 1- SIMS ID user and data provisioning
SIMS ID Design Structure.
From an integration stance, there are three elements to SIMS ID * The STS - responsible for authentication and SSO * The Data Provisioning agents / Data exchange APIs * The Tile Store User Interface
STS
Based on an implementation of Identity Server, the SIMS ID STS service provides single sign-on and access control for modern web applications and APIs using protocols like OpenID Connect and OAUTH 2.0. It supports a wide range of clients like mobile, web, SPAs and desktop applications and is extensible to allow integration in new and existing architectures. The SIMS ID implementation is extended to provide a range of authentication sources, as well as extending SSO protocols to include Shibboleth, which is commonly used in the education and academic technology space. SIMS ID is a registered provider with the UK Access Management Federation.
Provisioning Agents and Data Exchange APIs
In addition to the provisioning and data exchange elements of OAUTH and the Edu Person specification leveraged through open standards such as Shibboleth and the SAML 2.0 interactions. SIMS ID has a number of extensible provisioning agents & APIS. This allows for provisioning to Active Directory, Office 365 and Google Applications; work is also currently underway on MS SDS to support MS Classroom. Where specific provision requirements are necessary, SIMS ID has a range of methods to call 3rd party scripts, APIs and applications.
Tile store interface
For Single Sign On SIMS ID can operate in two modes: Headless and UI based. Where a partner wishes to use the UI based approach (this can be in addition to headless) a partner tile is made available to sites taking the partner service to allow application launching from within the SIMS ID User Interface. The underlying technologies are identical but the user journey is different.
Integrating with SIMS ID.
Integration information for SIMS ID Single Sign-On and Centralised Data Exchange APIs can be found on the Education Software Solutions Technical Integrator Site.